The next reason for gas costing more at the pump could be malware…

Some Off-Shore Oil Rigs Have Been “Incapacitated” By Malware Thanks To Pirated Music and Porn

Gasoline has started its seasonal increase in cost, as I am sure you have noticed.

Why does it cost of fluctuate? One reason is that as we move towards summer months, additives are implemented which are mandated to be used between April and September in a bid to reduce pollutants. The process costs money, as do the additives, and that is passed on to us. Another reason is an increase in travel, and obviously, the price is going to raise as high as the market will possibly support.

An article caught my eye and made me wonder if another issue may affect us at some point might be Malware.

The article’s headline says it all, “Some Off-Shore Oil Rigs have been “Incapacitated” By Malware Thanks to Pirated Music and Porn“… Follow the link through to read about how there are fears that malware on an oil rig could cause a blowout, explosion or oil spill and even the loss of life.

And I guess it just illustrates that bored workers with access to computers will do what they do best – waste time.

If you would like to discuss how we can keep your Greenville workers from becoming infected, please give us a call at 864-990-4748 – Infection at your workplace may not cause a “blowout”, but it could still potentially cost your company lots of money in downtime and recovery.

Oracle Java vulnerabilities – This is not a repeat

Nothing more to say here…  JAVA is full of holes it might seem.

ALL systems, including Apple Mac, Microsoft Windows, Windows Server, Linux, that are running Java may be vulnerable.

Here’s the latest US-CERT Alert for February 20th in its entirety.

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA13-051A
Oracle Java Multiple Vulnerabilities

Original release date: February 20, 2013 Last revised: —

Systems Affected

Any system using Oracle Java including

* JDK and JRE 7 Update 13 and earlier
* JDK and JRE 6 Update 39 and earlier
* JDK and JRE 5.0 Update 39 and earlier
* SDK and JRE 1.4.2_41 and earlier

Web browsers using the Java plug-in are at high risk.

Overview

Multiple vulnerabilities in Java could allow an attacker to execute
arbitrary code on a vulnerable system.

Description

The Oracle Java SE Critical Patch Update Advisory Update for
February 2013 addresses multiple vulnerabilities in the Java
Runtime Environment (JRE). An additional five fixes that had been
previously planned for delivery are in this update. This
distribution therefore completes the content for all originally
planned fixes to be included in the Java SE Critical Patch Update
for February 2013.

Both Java applets delivered via web browsers and stand-alone Java
applications are affected, however web browsers using the Java
plug-in are at particularly high risk.

The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web
Start can be used as attack vectors. An attacker could use social
engineering techniques to entice a user to visit a link to a
website hosting a malicious Java applet. An attacker could also
compromise a legitimate website and upload a malicious Java applet
(a “drive-by download” attack).

Some vulnerabilities affect stand-alone Java applications,
depending on how the Java application functions and how it
processes untrusted data.

Reports indicate that at least one of these vulnerabilities is
being actively exploited.

Impact

By convincing a user to load a malicious Java applet or Java
Network Launching Protocol (JNLP) file, an attacker could execute
arbitrary code on a vulnerable system with the privileges of the
Java plug-in process.

Stand-alone java applications may also be affected.

Solution

Update Java

The Oracle Java SE Critical Patch Update Advisory Update for
February 2013 states that Java 7 Update 15 and Java 6 Update 41
address these vulnerabilities.

Disable Java in web browsers

These and previous Java vulnerabilities have been widely targeted
by attackers, and new Java vulnerabilities are likely to be
discovered. To defend against this and future Java vulnerabilities,
consider disabling Java in web browsers until adequate updates have
been installed. As with any software, unnecessary features should
be disabled or removed as appropriate for your environment.

Starting with Java 7 Update 10, it is possible to disable Java
content in web browsers through the Java control panel applet. From
Setting the Security Level of the Java Client:

For installations where the highest level of security is required,
it is possible to entirely prevent any Java apps (signed or
unsigned) from running in a browser by de-selecting Enable Java
content in the browser in the Java Control Panel under the Security
tab.

If you are unable to update to at least Java 7 Update 10, please
see the solution section of Vulnerability Note VU#636312 for
instructions on how to disable Java on a per-browser basis.

Restrict access to Java applets

Network administrators unable to disable Java in web browsers may
be able to help mitigate these and other Java vulnerabilities by
restricting access to Java applets using a web proxy. Most web
proxies have features that can be used to block or whitelist
requests for .jar and .class files based on network location.
Filtering requests that contain a Java User-Agent header may also
be effective. For environments where Java is required on the local
intranet, the proxy can be configured to allow access to Java
applets hosted locally, but block access to Java applets on the
internet.

References

* Oracle Java SE Critical Patch Update Advisory Update – February
2013
<http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html>

* Setting the Security Level of the Java Client
<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html>

* The Security Manager
<http://docs.oracle.com/javase/tutorial/essential/environment/security.html>

* How to disable the Java web plug-in in Safari
<https://support.apple.com/kb/HT5241>

* How to turn off Java applets
<https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets>

* NoScript
<http://noscript.net/>

* Securing Your Web Browser
<https://www.us-cert.gov/reading_room/securing_browser/#Safari>

* Vulnerability Note VU#636312
<http://www.kb.cert.org/vuls/id/636312#solution>

Revision History

February 20, 2013: Initial release

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with “TA13-051A Feedback ” in
the subject.
____________________________________________________________________

Produced by US-CERT, a government organization.
____________________________________________________________________

This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy:
http://www.us-cert.gov/privacy/

This document can also be found at
http://www.us-cert.gov/cas/techalerts/TA13-051A.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUSTaW3dnhE8Qi3ZhAQICaQf/SaqOpnQuVQ88Tq98/3wMwyHUHRu+Vj0f
vJlK9q2/Mc6kQxPYqWv9Ef8nTMAODAZzvWagcrhKRtvYgl0VMsmNkxSwsc94N8AT
tp6lknZwtKoEztvmwiCTPe6ad/IZWbg+PuYJlgy3UUaN0Wqsk1yKEkvshG3G4w0+
7azUTjgHWK3gmyofkOZgZVFgp+VupHBJH6v+n3H1TvMw6hTbS8takF9ZJbdUI1VJ
MNKC0O/v8cl713C0/wslgf704sB029E7QFBzWEjrzgas+a+026OETSr3y9zWCzk1
KgzLuL3Tww7ijwAKyU4Pe+09f4e3t9XtPoTcRJQysTYjTBZFbKlLCg==
=U2lT
—–END PGP SIGNATURE—–

Apple Macs infected with malware – at Apple Inc

Remember the computer that is impervious to malware, the Apple Mac? Well here’s one for you…

Yesterday, Apple Inc announced that computers within their own network have been exploited.  Mac computers in other companies have also been exploited.

It’s always a heated subject whenever I mention that more and more Apple Macs are becoming compromised. Very passionate people will argue with me until they are blue in the face about how Microsoft Windows machines are more vulnerable, and that their Mac never gets infected. However, I must add this in – as a provider of business computer service and support. We have seen a steady decline in malware on Windows 7 computers, and no infections as of this date on Windows 8. While, Mac issues are increasing.

Here’s a link to the Reuters story.

As always, regardless of whether you own a Windows based computer or a Mac, please take these simple steps at the very least to help insure the security of your computer:

  • Keep your machine’s operating system up to date with patches!
  • Keep all applications, such as Microsoft Office, Adobe Reader up to date with patches
  • Support applications such as JAVA should be kept up to date (and some feel disabled or uninstalled
  • Use current COMMERCIAL anti-virus which permits the scanning of websites in real time (We suggest Trend Micro)
  • Avoid sketchy websites, don’t open emails (You didn’t win the Microsoft Lotto, trust me)
  • If you feel you have been exposed, seek a professional immediately
  • Watch those public hot spots if using a notebook (man-in-the-middle)
  • Do not give permission for anything to install that you didn’t initiate
  • Go straight to Adobe or other software provider for your updates
  • Don’t initiate a scan for malware if prompted while visiting a website

Should you need assistance with any computer or network security issue for your home or business in the Greenville or Upstate SC area, please do not hesitate to call upon us at 864-990-4748 or use our contact form.

 

Law Enforcement SWAT Members Swarm Easley South Carolina Movie Theater

Easley SWAT

Today, on my daily drive in to work, I passed an unusual scene that caught my eye…  A number of Easley PD vehicles were in the parking lot of the Easley Cinema 8 movie theater.

As I made my way back to the location, I spotted officers clad in camouflage entering a back door with weapons drawn. My first thought was that something had gone terribly wrong at the theater, images of the horrific 2012 Aurora Colorado shooting filled my head. Then, I came to my senses. It was 10:00 AM on a weekday, and the police vehicles were neatly backed in.  This had to be a drill.

The first officer I made contact with confirmed that was what was going on.  I then asked him if I could snap a few pictures, not wanting to simply go plastering the web and TV with images that could reveal details that would give a potential perpetrator any kind of tactical advantage. This officer was understandably not keen on it, but gave me the name of the person in charge, who I reached out to in hopes of giving me permission to share this newsworthy event.

Major Tim Tollison of the Easley Police Department was more than generous in giving me a rundown of the exercise unfolding. In short, Major Tollison explained that their newly formed tactical unit was undergoing training on “hostage and active shooter scenarios”. The vice-president of REI Cinemas, Don Massingill, was also present and stated that,  “REI Cinemas is definitely committed to public safety and anything we can do to make their patrons safer and let the police be better trained, and we are happy to participate.”

I attempted to contact my friend and news diva, Amy Wood, with WSPA, but time was limited. The exercise had started at 8:00 AM and was soon to wrap up, leaving little time for a news crew to be dispatched. In lieu of the professionals being there, I was permitted to take a few pictures which I have posted on my Facebook account as well as a short video, which did not turn out nearly as well as I had hoped.

My personal reaction is that Easley’s new tactical response team is off to a great start! In watching them, I was left with the impression that these men know what they are doing, and if ever they have to use these skills, they are going to do a superb job of carrying out the task at hand. I know that

Pictures on Facebook HERE.

Video on Facebook HERE.

Major Tollison and Don Massingill statements HERE.

I give full permission to anyone wanting to use the information contained within this blog post or pictures, audio or video related to it, with two stipulations:  You credit John M. Hoyt and notify me of it’s usage using a pingback, tag, email, phone call or some other form of letting me know.

Microsoft Office 2013 is not transferable to another PC

Microsoft_Office_2013

If you have purchased, or plan to purchase, a new computer with the OEM version of Microsoft Office 2013 on it, please understand that the installation of that Office 2013 can only be done on the computer it was first installed on.

In other words, let’s assume you buy a new computer from Homeland Secure IT along with Microsoft Office 2013 OEM / PKC, and 2 years later, you replace the computer. Previous versions of Microsoft Office would permit you to reinstall the OEM office that you originally purchased on a new computer, but, 2013 will NOT.

This is not anything new, as OEM / PKC versions of Microsoft Office have always been licensed for use with a new computer only. The license agreement expressly forbid you from installing it again on another computer.  Just like the OEM version of the Microsoft Windows Operating System. It was meant for one computer only. Without question, people have purchased the OEM version and then (against the license agreement) installed it on their next new computer too.

What IS new is that the RETAIL version of Microsoft Office will only allow you to load it on the first computer you install it on, then it is forever locked to that computer. That’s not just part of the EULA, it is apparently part of the registration mechanism.

Computer World and other computer news outlets have been obtaining more information, but it appears that this is true for the OEM, Academic, and the retail Home & Business versions.

You can read the Microsoft EULAs here: http://www.microsoft.com/en-us/legal/intellectualproperty/UseTerms/default.aspx

Homeland Secure IT is an authorized Microsoft reseller and partner… Offering the complete line of Microsoft products for sale in the Greenville / Upstate area. We can provide Office, Office 356 or Windows for one computer or one thousand.

Please call us if you have any questions or would like to purchase a Microsoft product. 864-990-4748

Flash! Savior of the Universe! No, not really….

Adobe Flash Player is making more friends (Right up there with JAVA! )…  There are active attacks being reported currently for vulnerabilities that affect not only Microsoft Windows but also Apple Mac.

You should insure that updates are installed!

Should you require assistance applying these critical security updates to your computer or your entire network of computers, please call us at 864-990-4748. We specialize in providing computer and network service and support in Greenville, Spartanburg and Anderson South Carolina.

Here’s some reading for you regarding the Flash Windows and Mac Attacks:

http://securitywatch.pcmag.com/none/307887-adobe-patches-flash-windows-mac-users-under-attack

 

And the latest bulletin from MS:

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 12, 2013
********************************************************************

Security Advisories Updated or Released Today ==============================================

* Microsoft Security Advisory (2755801)
  – Title: Update for Vulnerabilities in Adobe Flash Player in
    Internet Explorer 10
  – http://technet.microsoft.com/security/advisory/2755801
  – Revision Note: V8.0 (February 12, 2013): Added KB2805940 to
    the Current update section. 

 

Microsoft hearts you – Post Valentine’s Day patches are coming your way!

Microsoft-Valentines-Day

Strap in….  Patches are ‘a comin’ to your Microsoft Windows based computer or Server on February 12, 2013, just in time for Valentine’s Day.

See, Microsoft DOES love you.  Never doubt.

That’s right! For the low, low price of only zero dollars, you will be receiving a number of feature loaded patches, the Microsoft Advance Notification for February 2013 says that you will be eligible for up to a dozen fun-packed bulletins worth of heart-felt updates.

There are five CRITICAL bulletins that affect Microsoft Windows, Internet Explorer and Microsoft Server Software. One absolutely requires a reboot, and it is suggested that you apply it and reboot afterwards. The penalties for avoiding these? Remote Code Execution! In layman’s terms, it means, your machine could be owned by the bad guys and they could have their way with it, scouring it for content, watching for you to log into your bank, or enter a credit card online.

The other bulletins are just as important, hence the label of “Important”, allowing remote code execution, denial of service and elevation of privilege to potentially ruin your day. The affected products are Windows Server Software, Microsoft Windows, Microsoft Office and the Microsoft .NET Framework.

Don’t delay, update today. Errrrrrm, well, after Patch Tuesday anyway!

While you are at it, you need to get the JAVA and Adobe Flash/Reader/Acrobat updates installed too, even if you are using an Apple Mac!

If you have questions, or need assistance with these or any other updates or security concerns in the Greenville or Upstate SC area, please call upon us at 864-990-4748 or use our contact links.

Compass of Carolina 16th annual “Chase Away the Blues” event is almost here!

A Two-Night Fund-Raiser Benefiting Compass of Carolina

(More info about Compass of Carolina can be found at: http://www.compassofcarolina.org/)

Compass of Carolina is proud to announce the return of
South Carolina’s First Lady of Song – Loretta Holloway
on Friday, February 15th

For the first time ever-
ZOSO: The Ultimate Led Zeppelin Experience
on Saturday, February 16th!

 

Tickets are available now, so act fast because both shows are likely to sell out — amazing musical acts, amazing value and an amazing cause make this the best fund-raising weekend of the year! Without the musicians’ participation, there would be no event. These musicians are the “heart and soul” of this event that enables Compass of Carolina to help heal the “hearts and souls” of children, individuals and families in our community. Tickets are available for purchase at the Handlebar, Compass of Carolina and here online through EventBrite!

Order tickets via Eventbrite:
http://catb-efbevent.eventbrite.com

3 Billion Devices Run Java… And many need to update it!

Oracle’s emergency update to Java Runtime Environment and the Development Kit should be applied, immediately.

If you are using Java on your system… Please make sure it is up to date, or consider disabling it all together if you can live without it to decrease the likelihood you could become exploited.

A large number of the machines that we are aware of being infected with malicious software recently, have been as a direct result of Java and Adobe products, not the operating systems themselves.

This goes for Microsoft Windows XP and 7, and Apple Mac.

Should you need help with any virus or malware related issue, for your business or your personal computer in the Upstate SC area, please do not hesitate to call upon us at 864-990-4748.

Snow day for Homeland staff!

Due to the slick conditions, Homeland staff was sent home early.

Hopefully, you will be home, safe and sound yourself, but if you are not, and need assistance with your computer, server or network, please call or email us and we shall attempt to help remotely.

Be careful out there!